News Bits

Cipher Newsletter E60, May 18, 2004,


IETF Revises Extensible Authentication Protocol
By Jari Arkko and Russ Housley

Network access technologies such as PPP employ EAP (Extensible Authentication Protocol, RFC 2284) for authenticating clients that are attempting to connect to the network.

In view of increased EAP usage in, for instance, IEEE 802.11 wireless LANs, the IETF has produced a revised version of the EAP specifications. The revised specifications include:

Ongoing work in the area includes guidelines and security considerations for use of EAP-derived cryptographic keys, and the publication of various authentication methods under the EAP framework.

For more information, contact Jari Arkko (, Bernard Aboba (, or Russ Housley (

Task force releases security recommendations
Group includes reps from Microsoft, Computer Associates
By Paul Roberts, IDG News Service April 01, 2004

BOSTON - A computer industry task force that includes representatives from Microsoft Corp. and Computer Associates International Inc. issued its first round of recommendations on Thursday for improving software security, including a role for the U.S. government in supporting creation of secure software products.

Microsoft Shelves NGSCB Project As NX Moves To Center Stage
Windows XP SP2 hooks into No Execute technology in newer AMD, Intel processors
By Paula Rooney, CRN
9:32 AM EST Wed., May 05, 2004

After a year of tackling the Windows security nightmare, Microsoft has killed its Next-Generation Secure Computing Base (NGSCB) project and later this year plans to detail a revised security plan for Longhorn, the next major version of Windows, company executives said.

On Tuesday, Microsoft executives confirmed that NGSCB will be canned. The project, dreamed up with Intel in 2002, was once code-named Palladium.

Microsoft: 'Palladium' Is Still Alive and Kicking
By Mary Jo Foley, Microsoft Watch
May 5, 2004

SEATTLE -- Microsoft
Corp. spent much of Day 2 of its Windows Hardware Engineering Conference (WinHEC) here refuting a published report claiming the company has axed its Next Generation Secure Computing Base (NGSCB) security technology.

"NGSCB is alive and kicking," said Mario Juarez, a product manager in Microsoft's security and technology business unit.